DNS Poisoning and the Enterprise

Fabio Hashimoto, Technology Manager at PromonLogicalis, gives us the low down on ‘DNS Poisoning’, a hacking technique exploiting inherent vulnerabilities in the internet technologies that are now commonplace in enterprise systems.

First of all, what is DNS Poisoning?

DNS Poisoning or DNS Cache Poisoning is a hacking technique that attempts to exploit a known weakness in some Domain Name Server (DNS) technologies. You can read the technical details here, but in essence DNS servers convert internet addresses (www.example.com) into the numerical IP addresses that route internet traffic. A DNS Poisoning attack is, in essence, tricking the DNS Server into sending traffic in the wrong direction – by adding false content in the DNS cache.

What makes DNS Poisoning so attractive to hackers?

For one thing, DNS poisoning is a very powerful technique, since a single server deals with queries from hundreds of thousands of users – as a result, a successful DNS hack can reach many victims simultaneously.

On top of that, DNS poisoning is very hard to detect. First, because the attack is nothing more than a configuration change and does not involve installation of malware such as viruses or Trojans, it is essentially invisible to antivirus, intrusion prevention systems and other protection mechanisms. Second, the configuration change is essentially one data entry amongst hundreds or thousands of similar entries in dozens of different DNS servers – finding that one code change is like looking for a needle in a haystack.

What is the risk to the enterprise?

These days most enterprise IT systems make extensive use of internet technologies and so, like the internet itself, they rely heavily on DNS Servers to, essentially, direct traffic – both internally and externally. That means the risk is two-fold. A DNS attack on the enterprise can affect the business itself, or its customers.

For instance, there is a risk of disruption to the normal operation of IT systems, access to applications and data, and the security of commercially sensitive information. Poorly constructed cloud solutions have the potential to heighten this risk – particularly if based on outdated, poorly managed DNS platforms.

Customers: There is a risk that customers’ personal and financial information could be compromised and used to defraud – with obvious knock-on reputational risks for the enterprise itself.

In the case of a bank, for example, a hacker might successfully poison the DNS Cache of an Internet Service Provider and direct its subscribers to a phishing website designed to mimic the bank’s authentic website – the hacker might obtain passwords from several of the bank’s customers and perform fraudulent transactions.

It is important to note that an enterprise can also be a ‘customer’ of an existing DNS Cache service, such as one provided by an enterprise-grade Internet Service Provider – which would mean that all employees and enterprise systems would be simultaneously affected by the poisoning of the ISP’s DNS Cache.

How serious is the risk?

It is important to mention that the DNS mechanism was designed in the early days of the Internet (early 80s), and at that time concepts like cyber-security and hackers were non-existent. Even today, DNS Poisoning attacks remain rare but, since the DNS is a fundamental part of internet and now corporate IT infrastructure, it is a risk that is not going to go away, and neither are many of the features that make it so attractive to hackers and cyber terrorists. As with any security risk offering a vector for hackers, it is likely that the risk will grow over time, and the threat will evolve as more sophisticated DNS hacking techniques emerge.

If attacks are so hard to detect, how do you stop them?

The answer, for a long time, was ‘with difficulty’. However, in recent years we’ve seen much more co-ordinated attempts to develop technological solutions to exploitable DNS vulnerabilities.

Notable examples include the rise of new, more robust and secure DNS platforms and the increasing adoption of more secure communications standards, such as DNSSEC – though, at the enterprise level, DNSSEC readiness rather than all-out adoption is still the right approach, at least until the underlying internet infrastructure catches up. Even the traditional cyber security vendors (such as IPS/IDS manufacturers) are looking into providing better support for DNS-oriented attacks and vulnerabilities.

Another important response has been the development of DNS service management practices – specialised teams to manage the infrastructure within companies based on specific processes, monitoring and management tools such as IPAM (IP Address Management). This is similar to desktop/endpoint management: keep systems up-to-date on patches, monitor and solve known vulnerabilities and non-compliance to standards.
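As an added illustration of the monitoring described above (this is not code from the article or from PromonLogicalis), the sketch below looks for the one altered entry among many by comparing cached A/AAAA records from several resolvers against a trusted baseline and against each other. The resolver names, records and the `find_suspect_entries` function are constructed for the example; it assumes cache contents have already been exported from each resolver and that the baseline comes from a trusted source such as an IPAM export.

```python
import ipaddress
from collections import Counter

# Constructed sample data. Baseline keys are lower-case with a trailing dot.
BASELINE = {
    "www.example.com.": {"192.0.2.10", "192.0.2.11"},
    "mail.example.com.": {"192.0.2.25"},
}
# Constructed cache snapshots: resolver -> [(name, address), ...]
SNAPSHOTS = {
    "resolver-a": [("www.example.com.", "192.0.2.10"),
                   ("cdn.example.net.", "198.51.100.7")],
    "resolver-b": [("WWW.Example.COM", "203.0.113.66"),   # altered entry
                   ("mail.example.com", "192.0.2.25"),
                   ("cdn.example.net.", "198.51.100.7")],
    "resolver-c": [("www.example.com.", "192.0.2.11"),
                   ("cdn.example.net.", "203.0.113.80")],  # lone outlier
}

def canon(name, addr):
    """Normalise case, trailing dot and address text so equal records match."""
    return name.rstrip(".").lower() + ".", str(ipaddress.ip_address(addr))

def find_suspect_entries(baseline, snapshots):
    """Return (resolver, name, address, reason) for entries worth reviewing."""
    records = {(r, *canon(n, a)) for r, rows in snapshots.items() for n, a in rows}
    # How many distinct resolvers hold each (name, address) pair.
    holders = Counter((n, a) for _, n, a in records)
    findings = []
    for resolver, name, addr in sorted(records):
        if name in baseline:
            # Name we control: any address outside the baseline is suspect.
            if addr not in baseline[name]:
                findings.append((resolver, name, addr, "not in baseline"))
        else:
            # No baseline: flag an address seen on one resolver only while
            # at least two resolvers agree on a different answer.
            agreed = max(c for (n, _), c in holders.items() if n == name)
            if holders[(name, addr)] == 1 and agreed >= 2:
                findings.append((resolver, name, addr, "differs from peers"))
    return findings

if __name__ == "__main__":
    for finding in find_suspect_entries(BASELINE, SNAPSHOTS):
        print(*finding, sep="\t")
```

A "differs from peers" result is a prompt for review rather than proof of poisoning, since load-balanced and CDN-hosted names can legitimately return different addresses to different resolvers.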

One thing is clear, however. As the internet and internet technologies pervade further and further into enterprise IT, our response to DNS security risks must evolve if we are to protect corporations and consumers from the efforts of hackers. The evolution of more secure DNS platforms and techniques to protect against DNS attacks is well worth keeping an eye on.

We’ll be hearing more from Fabio in the future. In the meantime, look out for pieces covering topics such as Technology, Innovation and BYOD, Business Analytics and Video Collaboration – all coming soon…

About Fabio Hashimoto

Fabio Hashimoto is PromonLogicalis Technology Manager and is responsible for the DNS, DHCP and IPAM solutions portfolio. PromonLogicalis provides solutions to IPAM and DNS service providers and large companies in Brazil and South America. For more information, see http://www.promonlogicalis.com.br.
